Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10760
Views
25
Helpful
6
Replies

AAA Source Interface

Go to solution
Patrick McHenry
Level 4
Level 4

‎11-29-2012 05:47 AM - edited ‎03-07-2019 10:18 AM

Hi,

is there a way to make aaa authentication requests source from a specific interface on a device? On remote DMVPN devices there are two tunnel interfaces and one VLAN 10 interface. The DMVPN device seems to send requests from one tunnel address or the other so, to get around this I have entered both tunnel IP scopes in the ACS server. This solves the problem but, if I could send aaa requests out the VLAN 10 interface - then, I would only have to enter one scope in the ACS server.

Thanks, Pat.

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎11-29-2012 06:00 AM

Patrick,

You should be able to use "ip tacacs source vlan x".

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

View solution in original post

6 Replies 6

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎11-29-2012 05:59 AM

Hi,

yes you have the tacacs-server source-interface and radius-server source-interface commands.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Patrick McHenry
Level 4
Level 4
In response to cadet alain

‎11-29-2012 06:06 AM

Alain,

it appears my router doesn't have that command.

Router(config)#tacacs-server ?

  administration    Start tacacs+ deamon handling administrative messages

  attribute         Customize selected tacacs attributes

  cache             AAA auth cache default server group

  directed-request  Allow user to specify tacacs server to use with

`@server'

  dns-alias-lookup  Enable IP Domain Name System Alias lookup for TACACS

                    servers

  domain-stripping  Strip the domain from the username

  host              Specify a TACACS server

  key               Set TACACS+ encryption key.

  packet            Modify TACACS+ packet options

  timeout           Time to wait for a TACACS server to reply

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Patrick McHenry

‎11-29-2012 11:17 AM

Hi Patrick,

I don't know how my mind created this unknown command and really sorry having given you an incorrect reply that you rated.Of course the correct command was given by John.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Patrick McHenry
Level 4
Level 4
In response to cadet alain

‎11-29-2012 11:26 AM

No sweat - I'm pretty liberal with my rates.

I'm just happy when someone gives me a response - I'll take any help I can get.

Thanks,  Alain. Can't rate that one though : )

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎11-29-2012 06:00 AM

Patrick,

You should be able to use "ip tacacs source vlan x".

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

Go to solution
mahmoodmkl
Level 7
Level 7

‎11-29-2012 10:49 AM

Hi

use ip tacacs source interface


Sent from Cisco Technical Support iPhone App

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card